In most processor based systems, any system software or program executing in a privileged mode, such as for example in “ring 0,”has access to critical resources of the system, including images of other programs executing on the system and data, including data of other programs, present on the system either in memory or in other storage. As is known, undesired software or malware such as a Trojan, worm, virus, etc. may be able to breach the security of an operating system by modifying, disabling, or circumventing the execution of such a program executing in privileged mode in memory. For example, a very large fraction of the vulnerabilities addressed by patches to Microsoft® Windows® in 2003 and 2004 were related to in memory modification of programs or portions of the operating system.
It is possible to verify the integrity of a program prior to its being loaded in memory using a method such as that described in currently pending U.S. patent application Ser. No. 11/173,851. However such verification cannot prevent in-memory modification of executing programs.
Direct protection of memory in which such privileged programs may execute is possible, but existing mechanisms add performance penalties to the operation of the system and/or require the maintenance of additional structures in memory.
Virtualization is a technique that enables a processor based host machine to present an abstraction of the host, such that the underlying hardware of the host machine appears as one or more independently operating virtual machines. Each virtual machine may therefore function as a self-contained platform. Often, virtualization technology is used to allow multiple guest operating systems and/or other guest software to coexist and execute apparently simultaneously and apparently independently on multiple virtual machines while actually physically executing on the same hardware platform. A virtual machine may mimic the hardware of the host machine or alternatively present a different hardware abstraction altogether.
Virtualized systems provide guest software operating in a virtual machine with a set of resources (e.g., processors, memory, I/O devices) and may map some or all of the components of a physical host machine into the virtual machine, or create fully virtual components. The virtualization system may thus be said to provide a virtual bare machine interface to guest software. In some embodiments, virtualization systems may include a virtual machine monitor (VMM) which controls the host machine. The VMM provides guest software operating in a virtual machine (VM) with a set of resources such as processors, memory, and I/O devices. The VMM may map some or all of the components of a physical host machine into the virtual machine, and may create fully virtual components, emulated in software in the VMM, which are included in the virtual machine (e.g., virtual I/O devices).
A privileged program as described above may then execute within a VM of the virtualized system, within a privileged environment within the VM. For example, if a Linux operating system is running within one VM of a virtualized system, a privileged program may execute within ring-0 or ring-3 of the Linux-based VM.
Processors such as Intel® processors and others may be designed in general to allow data from memory to be cached by the processor. Additionally, accesses to data in memory may require one or more actions to be taken with regard to the contents of caching structures in the system processor or processors. These actions are referred to herein as snooping characteristics. Furthermore, certain processors may select to allow dynamic reordering of memory accesses. The type of caching (cacheability), if any, used by the processor to access a location in memory, the snooping characteristics and whether dynamic reordering of memory accesses is enabled for that location determines certain behaviors of the memory location, such as for example whether the memory location supports ordering operations or side-effects of reads correctly. These attributes and others that relate to memory behavior are called a memory type and may be specified for a given memory location and access event using a variety of system flags and registers. Memory types may include, for example, “uncacheable”, “write combining”, “write through”, “write back”, and “write protect”. Memory type range registers (MTRRs), a page attribute table, page tables and other processor control register fields may determine, for each memory access, the relevant memory type for the linear or physical address being accessed. The communication protocols utilized by a processor may vary depending on the memory type of the memory location being accessed.